14041 – springramework-security new security issues CVE-2014-0097 and CVE-2014-3527

Bug 14041 - springramework-security new security issues CVE-2014-0097 and CVE-2014-3527

Summary: springramework-security new security issues CVE-2014-0097 and CVE-2014-3527

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	i586 Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	D Morgan
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/610411/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-09-02 20:54 CEST by David Walser
Modified:	2015-03-11 19:29 CET (History)
CC List:	1 user (show)

See Also:
Source RPM:	springramework-security-3.1.4-5.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2014-09-02 20:54:49 CEST

Fedora has issued an advisory on August 21:
https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137178.html

This package is only in Cauldron

The issues are fixed in 3.1.7, which Fedora updated with these commits:
http://pkgs.fedoraproject.org/cgit/springframework-security.git/commit/?id=2cd3ec92cb91dfc4d6cc06e026930c3386adb04e
http://pkgs.fedoraproject.org/cgit/springframework-security.git/commit/?id=ed4fb631b245b35c7fdb6841a4a43b22d11545b2

Reproducible: 

Steps to Reproduce:

Comment 1 Sander Lepik 2014-11-29 16:02:33 CET

Dropped from cauldron, can be closed if java stack is wiped out.

CC: (none) => mageia

Comment 2 David Walser 2015-03-11 19:29:59 CET

Closing now.  This won't be reintroduced for Mageia 5.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.